Risk Assessment

FBI: Over one million computers working for botnets

An investigation by the FBI, working in conjunction with industry partners, …

The US Department of Justice and the FBI have released a statement that they have identified over one million computers that have become part of a "botnet"—taken over by malicious software for the purpose of sending out spam and attacking other computers. The FBI has been working with industry partners such as Microsoft and the Computer Emergency Response Team Coordination Center at Carnegie Mellon University.

The FBI and the Justice Department aren't just interested in finding and informing victims, however; they are actively working to locate and dismantle the operators of the botnets, known as "botherders." To date, the task force has nabbed James C. Brewer of Arlington, TX, Jason Michael Downey of Covington, KY, and Robert Alan Soloway of Seattle, WA, charging all three of them with using botnets to send spam and disrupt other computers with Distributed Denial-of-Service (DDoS) attacks. Brewer's case is particularly troubling as he is alleged to have disrupted computers in a Chicago-area hospital.

The botnet problem is difficult to quantify: exactly how many computers out there are part of a botnet? In January, TCP/IP pioneer Vint Cerf estimated that one-quarter of all computers could be part of a botnet. While this number seems high—much higher than the FBI's one million out of an estimated 600 million computers connected to the Internet—there are other figures that paint a disturbing picture of the level of malicious software out there. Google researchers recently said that they looked at 4.5 million web pages and found that over ten percent of them contained malware or code that attempted to install malware on a user's system.

Most of these computers are running older versions of Windows—specifically versions prior to XP SP2—but there are also botnetted machines running Linux and OS X, primarily servers running third-party server software such as PHP that has not been fully patched for security vulnerabilities. As new versions of Windows harden themselves against OS-level attacks, expect to see more attacks on third-party software, particularly as users are fairly lax at keeping it patched.